An enterprising group of security researchers has created a massive list of 'pwned' email addresses and usernames. Take a minute to see if you're on it

InfoWorld|Nov 2, 2011

Ever had a sneaky suspicion that somebody, somewhere has cracked your email account?

A handful of researchers at well-known security firm HP/TippingPoint DVLabs spend their spare time looking for publicly posted lists of cracked email addresses. They've also written programs that comb repositories of dumped stolen data, including Pastebin. Their collection has grown to 5 million known compromised accounts, and it's growing daily.

If you're curious to see if your email address or username has appeared on any of those clandestine lists, drop by PwnedList and see if your email address has appeared on any of the lists DVLabs has accumulated.

While the list is far from complete -- I verified that several known "pwned" email addresses aren't on the list -- it's sobering and well worth your time to check. It's free, and it only takes a second (if the server hasn't melted down).

These folks know what they're doing. First, they don't store any stolen passwords: The PwnedList database only contains publicly posted email addresses and usernames. The bad guys can steal all 5 million records in the PwnedList database and it won't get them anywhere.

Second, they're intensely aware of the potential for privacy problems. Accordingly, they promise they don't store and won't use any email address submitted online. More than that, though, if you really don't trust them, you don't have to type in your email address. You can create an SHA-512 encrypted hash of your email address and use that.

Woody Leonhard writes computer books, primarily about Windows and Office; he's currently working on the Win 10 follow-up to the thousand-page "Windows 8.1 All-in-One for Dummies." A self-described "Windows victim," Woody specializes in telling the truth about Windows in a way that won't put you to sleep.